Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 8.3.3, 8.2.10, 8.0.24, 7.0.35
Affects Version/s: None
Component/s: None
Labels:
None

Assigned Teams:

Query Optimization
Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Backport Requested:

v8.3, v8.2, v8.0, v7.0
Linked BF Score:
200
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

Exchange is expected to be used by mongos communicating with mongod instances.

Some code paths "trust" the contents of this as-if it were from a validated source i.e., there are invariants on the contents. This means external clients are able to crash mongod by supplying unexpected exchange state.

Invariants are being investigated and changed individually, but over all exchange should not be part of the attack surface of mongod.

related to

SERVER-126803 Use internal client+writeConcern in exchange_keyrange_maxkey.js

In Code Review

SERVER-126978 Temporarily exclude test in multiversion setup

Closed

Assignee:: James Harrison
Reporter:: James Harrison
Participants:: James Harrison
Votes:: 0 Vote for this issue
Watchers:: 4 Start watching this issue

Created:: Apr 16 2026 01:03:37 PM UTC
Updated:: Jun 09 2026 10:01:04 PM UTC
Resolved:: Jun 09 2026 04:27:55 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates